This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new c71ad75 Add a little of the SSL env
c71ad75 is described below
commit c71ad7544a277d9d14359b9d0071c4eb33e124da
Author: remm <[email protected]>
AuthorDate: Wed May 27 14:00:53 2020 +0200
Add a little of the SSL env
Probably since the X509 certificate chain is available, a lot of the
client related env could be done as well.
---
java/org/apache/catalina/valves/rewrite/ResolverImpl.java | 13 ++++++++++++-
webapps/docs/changelog.xml | 4 ++++
webapps/docs/rewrite.xml | 5 ++++-
3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
index a71d64c..1ae6600 100644
--- a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
+++ b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
@@ -19,10 +19,12 @@ package org.apache.catalina.valves.rewrite;
import java.nio.charset.Charset;
import java.util.Calendar;
+import org.apache.catalina.Globals;
import org.apache.catalina.WebResource;
import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.connector.Request;
import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.net.SSLSupport;
public class ResolverImpl extends Resolver {
@@ -133,7 +135,16 @@ public class ResolverImpl extends Resolver {
@Override
public String resolveSsl(String key) {
- // FIXME: Implement SSL environment variables
+ if (key.equals("SSL_PROTOCOL")) {
+ return
String.valueOf(request.getAttribute(SSLSupport.PROTOCOL_VERSION_KEY));
+ } else if (key.equals("SSL_SESSION_ID")) {
+ return
String.valueOf(request.getAttribute(Globals.SSL_SESSION_ID_ATTR));
+ } else if (key.equals("SSL_CIPHER")) {
+ return
String.valueOf(request.getAttribute(Globals.CIPHER_SUITE_ATTR));
+ } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) {
+ return String.valueOf(request.getAttribute(Globals.KEY_SIZE_ATTR));
+ }
+ // FIXME: Implement other SSL environment variables when possible
return null;
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0f4a2a6..9063c98 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -64,6 +64,10 @@
Correct a regression in an earlier fix that broke the loading of
configuration files such as keystores via URIs on Windows. (markt)
</fix>
+ <fix>
+ Implement a few rewrite SSL env that correspond to Servlet request
+ attributes. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
diff --git a/webapps/docs/rewrite.xml b/webapps/docs/rewrite.xml
index c40eb35..be1befa 100644
--- a/webapps/docs/rewrite.xml
+++ b/webapps/docs/rewrite.xml
@@ -245,7 +245,10 @@
<li>
<code>%{SSL:variable}</code>, where <em>variable</em> is the
name of an SSL environment
- variable, are not implemented yet. Example:
+ variable, are not implemented, except
+ <code>SSL_PROTOCOL</code>, <code>SSL_SESSION_ID</code>,
+ <code>SSL_CIPHER</code> and <code>SSL_CIPHER_USEKEYSIZE</code>.
+ Example:
<code>%{SSL:SSL_CIPHER_USEKEYSIZE}</code> may expand to
<code>128</code>.</li>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
